design-review

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

• Third-party content exposure detected (high risk: 1.00). The SKILL.md explicitly says it "uses Playwright MCP for live browser testing" and to review "deployed UIs," meaning the agent will load and interpret arbitrary public web pages (deployed sites) as part of its workflow, exposing it to untrusted third‑party content.